Massive UCLA data breach affects 800,000

Mark Raby, 12th December 2006

Los Angeles (CA) - Social security numbers and other personal information from over 800,000 students and faculty members at UCLA were accessed from a hacker that went in and out of the school's database for over a year, causing what security experts say is the largest-encompassing case of data theft at a North American university.

Because of a hole in the security of the university's online database, the hacker was able to access confidential information from virtually every current student and faculty member, as well as most alumns that attended within the past 10 - 15 years, and some applicants that were never even admitted to the university.

University Chancellor Norman Abrams contends that there is no evidence of malicious identity theft or even any serious misuse of the sensitive data. Nonetheless, it is a big deal for such a sweeping security breach to have gone unnoticed for 13 months.

"We have a responsibility to safeguard personal information, an obligation that we take very seriously. I deeply regret any concern or inconvenience this incident may cause you," said Abrams in an open letter to the students and faculty.

He goes on to encourage all potentially affected students to contact credit reporting agencies, offering the suggestion of asking for a security freeze, which would require the individual's express consent to allow a credit card company or loan agency to access any sort of credit information.

UCLA has a huge student population and its faculty often work on sensitive government and military projects. Every year more than 65,000 people apply for undergraduate and graduate student positions. Campus population is like that of a small city and around 28,000 students attend classes everyday. Faculty have worked at the Los Alamos Nuclear Labs and at the Jet Propulsion Laboratory near Pasadena California.

University Web sites have long been a target for hackers because of the sheer amount of data stored in their databases and because they historically haven't had the most sophisticated steps in place to prevent hackers. Other major campuses with similar large-scale breaches include NYU, The University of Texas, UC Berkley, UC San Diego, and the University of Southern California.